Buffer overflow in error printing #22

Closed
GoogleCodeExporter opened this issue Nov 5, 2015 · 2 comments
@GoogleCodeExporter
I'm using HEAD version.

styx@styx-zone:~/@virlab/q$ valgrind yara userdb.yara 8D610742B96EC1F14EF758E4004A63D7F1102486
==31051== Memcheck, a memory error detector
==31051== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==31051== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==31051== Command: yara userdb.yara 8D610742B96EC1F14EF758E4004A63D7F1102486
==31051== 
*** buffer overflow detected ***: yara terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x590a1d7]
/lib/x86_64-linux-gnu/libc.so.6(+0xfd0f0)[0x59090f0]
/lib/x86_64-linux-gnu/libc.so.6(__strncpy_chk+0x16e)[0x59083de]
yara[0x405624]
yara[0x40b7b4]
yara[0x406961]
yara[0x402388]


GDB backtrace:

Program received signal SIGABRT, Aborted.
0x00007ffff709ed05 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64  ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
    in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) bt
#0  0x00007ffff709ed05 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff70a2ab6 in abort () at abort.c:92
#2  0x00007ffff70d7d7b in __libc_message (do_abort=2, fmt=0x7ffff71beb23 "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3  0x00007ffff71691d7 in __fortify_fail (msg=0x7ffff71beaba "buffer overflow detected") at fortify_fail.c:32
#4  0x00007ffff71680f0 in __chk_fail () at chk_fail.c:29
#5  0x00007ffff71673de in __strncpy_chk (s1=<value optimized out>, s2=<value optimized out>, n=<value optimized out>, s1len=<value optimized out>)
    at strncpy_chk.c:34
#6  0x0000000000405624 in strncpy (yyscanner=<value optimized out>, 
    error_message=0x7fffffffd650 "syntax error, unexpected '{', expecting _TEXTSTRING_ or _HEXSTRING_ or _REGEXP_") at /usr/include/bits/string3.h:121
#7  yyerror (yyscanner=<value optimized out>, 
    error_message=0x7fffffffd650 "syntax error, unexpected '{', expecting _TEXTSTRING_ or _HEXSTRING_ or _REGEXP_") at lex.l:428
#8  0x000000000040b7b4 in yyparse (yyscanner=0x6132b0) at grammar.c:2488
#9  0x0000000000406961 in parse_rules_file (rules_file=0x613050, context=0x7ffff7f4e010) at lex.l:491
#10 0x0000000000402388 in main (argc=3, argv=0x7fffffffd878) at yara.c:576
(gdb) quit
A debugging session is active.

    Inferior 1 [process 31067] will be killed.


My solution:
In lex.l local var 'message' has size 512 and the error message in context has 
only 256. So I just increased the size of 'last_error_extra_info' to 512.

Original issue reported on code.google.com by styx...@gmail.com on 13 Jun 2011 at 8:08
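
The size mismatch described in the report above, as an added example that is not part of the original post, the project's code, or the r113 fix. It assumes the `strncpy` in `yyerror` was bounded by the 512-byte source buffer rather than the 256-byte destination; `struct context`, `fortify_would_abort` and `set_error_info` are hypothetical names. It shows why the fortify check aborts even on a short message, and a copy bounded by the destination instead.

```c
#include <stdio.h>
#include <string.h>

#define MESSAGE_SIZE    512  /* local 'message' buffer size, per the report */
#define EXTRA_INFO_SIZE 256  /* context field size, per the report */

/* Hypothetical stand-in for the parser context; only the field from the report. */
struct context {
    char last_error_extra_info[EXTRA_INFO_SIZE];
};

/* Mirror of the fortify check: glibc's __strncpy_chk aborts when the length
 * argument exceeds the known destination size, whatever the string length,
 * because strncpy zero-pads the destination out to n bytes. */
static int fortify_would_abort(size_t n, size_t dst_size)
{
    return n > dst_size;
}

/* Hardened copy: bound by the destination, always terminate.
 * Returns 1 if the message had to be truncated, 0 otherwise. */
static int set_error_info(struct context *ctx, const char *message)
{
    size_t cap = sizeof(ctx->last_error_extra_info);
    size_t len = strlen(message);
    size_t n = len < cap ? len : cap - 1;

    memcpy(ctx->last_error_extra_info, message, n);
    ctx->last_error_extra_info[n] = '\0';
    return len >= cap;
}

int main(void)
{
    struct context ctx;
    char message[MESSAGE_SIZE];

    /* Constructed input: the parser message shown in the backtrace. */
    snprintf(message, sizeof(message), "syntax error, unexpected '{', "
             "expecting _TEXTSTRING_ or _HEXSTRING_ or _REGEXP_");

    printf("bound = sizeof(message): fortify abort = %d\n",
           fortify_would_abort(sizeof(message), sizeof(ctx.last_error_extra_info)));
    printf("truncated = %d, info = \"%s\"\n",
           set_error_info(&ctx, message), ctx.last_error_extra_info);
    return 0;
}
```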

@GoogleCodeExporter
Fixed on r113

Original comment by plus...@gmail.com on 27 Jun 2011 at 7:00

  • Changed state: Fixed

@GoogleCodeExporter
Issue 28 has been merged into this issue.

Original comment by plus...@gmail.com on 28 Jul 2011 at 11:01
